summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2016-03-23 09:33:42 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-03-23 09:33:42 -0400
commitd25ba7fcc3a74ea61aee8447d872e1595c267eaa (patch)
treeee875c476fca550a44b2d3a4e98e8da9f69b8f4c
parentgrsecurity-3.1-4.4.5-201603142220 (diff)
downloadhardened-patchset-d25ba7fcc3a74ea61aee8447d872e1595c267eaa.tar.gz
hardened-patchset-d25ba7fcc3a74ea61aee8447d872e1595c267eaa.tar.bz2
hardened-patchset-d25ba7fcc3a74ea61aee8447d872e1595c267eaa.zip
grsecurity-3.1-4.4.6-20160322174820160322
-rw-r--r--4.4.6/0000_README (renamed from 4.4.5/0000_README)2
-rw-r--r--4.4.6/4420_grsecurity-3.1-4.4.6-201603221748.patch (renamed from 4.4.5/4420_grsecurity-3.1-4.4.5-201603142220.patch)221
-rw-r--r--4.4.6/4425_grsec_remove_EI_PAX.patch (renamed from 4.4.5/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--4.4.6/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.4.5/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--4.4.6/4430_grsec-remove-localversion-grsec.patch (renamed from 4.4.5/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--4.4.6/4435_grsec-mute-warnings.patch (renamed from 4.4.5/4435_grsec-mute-warnings.patch)0
-rw-r--r--4.4.6/4440_grsec-remove-protected-paths.patch (renamed from 4.4.5/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--4.4.6/4450_grsec-kconfig-default-gids.patch (renamed from 4.4.5/4450_grsec-kconfig-default-gids.patch)12
-rw-r--r--4.4.6/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.4.5/4465_selinux-avc_audit-log-curr_ip.patch)2
-rw-r--r--4.4.6/4470_disable-compat_vdso.patch (renamed from 4.4.5/4470_disable-compat_vdso.patch)0
-rw-r--r--4.4.6/4475_emutramp_default_on.patch (renamed from 4.4.5/4475_emutramp_default_on.patch)0
11 files changed, 67 insertions, 170 deletions
diff --git a/4.4.5/0000_README b/4.4.6/0000_README
index 6d51814..3c1a08c 100644
--- a/4.4.5/0000_README
+++ b/4.4.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.4.5-201603142220.patch
+Patch: 4420_grsecurity-3.1-4.4.6-201603221748.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.4.5/4420_grsecurity-3.1-4.4.5-201603142220.patch b/4.4.6/4420_grsecurity-3.1-4.4.6-201603221748.patch
index dac56bb..a0d7af9 100644
--- a/4.4.5/4420_grsecurity-3.1-4.4.5-201603142220.patch
+++ b/4.4.6/4420_grsecurity-3.1-4.4.6-201603221748.patch
@@ -448,22 +448,8 @@ index af70d15..ccd3786 100644
modules_disabled:
A toggle value indicating if modules are allowed to be loaded
-diff --git a/Documentation/virtual/kvm/mmu.txt b/Documentation/virtual/kvm/mmu.txt
-index 3a4d681..b653641 100644
---- a/Documentation/virtual/kvm/mmu.txt
-+++ b/Documentation/virtual/kvm/mmu.txt
-@@ -358,7 +358,8 @@ In the first case there are two additional complications:
- - if CR4.SMEP is enabled: since we've turned the page into a kernel page,
- the kernel may now execute it. We handle this by also setting spte.nx.
- If we get a user fetch or read fault, we'll change spte.u=1 and
-- spte.nx=gpte.nx back.
-+ spte.nx=gpte.nx back. For this to work, KVM forces EFER.NX to 1 when
-+ shadow paging is in use.
- - if CR4.SMAP is disabled: since the page has been changed to a kernel
- page, it can not be reused when CR4.SMAP is enabled. We set
- CR4.SMAP && !CR0.WP into shadow page's role to avoid this case. Note,
diff --git a/Makefile b/Makefile
-index d13322a..6eaab55 100644
+index 87d12b4..b9e0477 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3514,7 +3500,7 @@ index 78c02b3..c94109a 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 48495ad8..9502fdd 100644
+index 8e0bd59..1d0b85e 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -200,10 +200,10 @@ struct omap_hwmod_soc_ops {
@@ -5594,10 +5580,10 @@ index 4efe96a..60e8699 100644
#define SMP_CACHE_BYTES L1_CACHE_BYTES
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
-index 71683a8..54062ef 100644
+index db45961..6932668 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
-@@ -2641,6 +2641,7 @@ source "kernel/Kconfig.preempt"
+@@ -2642,6 +2642,7 @@ source "kernel/Kconfig.preempt"
config KEXEC
bool "Kexec system call"
select KEXEC_CORE
@@ -29629,27 +29615,6 @@ index 4d30b86..94115f0 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
-diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
-index e7c2c14..8eb8a93 100644
---- a/arch/x86/kvm/mmu.c
-+++ b/arch/x86/kvm/mmu.c
-@@ -3754,13 +3754,15 @@ static void reset_rsvds_bits_mask_ept(struct kvm_vcpu *vcpu,
- void
- reset_shadow_zero_bits_mask(struct kvm_vcpu *vcpu, struct kvm_mmu *context)
- {
-+ bool uses_nx = context->nx || context->base_role.smep_andnot_wp;
-+
- /*
- * Passing "true" to the last argument is okay; it adds a check
- * on bit 8 of the SPTEs which KVM doesn't use anyway.
- */
- __reset_rsvds_bits_mask(vcpu, &context->shadow_zero_check,
- boot_cpu_data.x86_phys_bits,
-- context->shadow_root_level, context->nx,
-+ context->shadow_root_level, uses_nx,
- guest_cpuid_has_gbpages(vcpu), is_pse(vcpu),
- true);
- }
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 7be8a25..7d71250 100644
--- a/arch/x86/kvm/paging_tmpl.h
@@ -29700,7 +29665,7 @@ index 899c40f..a114588 100644
.disabled_by_bios = is_disabled,
.hardware_setup = svm_hardware_setup,
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 5fd846c..405597f 100644
+index 0958fa2..9fe3f1d 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1514,12 +1514,12 @@ static void vmcs_write64(unsigned long field, u64 value)
@@ -29718,7 +29683,7 @@ index 5fd846c..405597f 100644
{
vmcs_writel(field, vmcs_readl(field) | mask);
}
-@@ -1779,32 +1779,41 @@ static void reload_tss(void)
+@@ -1786,7 +1786,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
@@ -29730,72 +29695,7 @@ index 5fd846c..405597f 100644
load_TR_desc();
}
- static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
- {
-- u64 guest_efer;
-- u64 ignore_bits;
-+ u64 guest_efer = vmx->vcpu.arch.efer;
-+ u64 ignore_bits = 0;
-
-- guest_efer = vmx->vcpu.arch.efer;
-+ if (!enable_ept) {
-+ /*
-+ * NX is needed to handle CR0.WP=1, CR4.SMEP=1. Testing
-+ * host CPUID is more efficient than testing guest CPUID
-+ * or CR4. Host SMEP is anyway a requirement for guest SMEP.
-+ */
-+ if (boot_cpu_has(X86_FEATURE_SMEP))
-+ guest_efer |= EFER_NX;
-+ else if (!(guest_efer & EFER_NX))
-+ ignore_bits |= EFER_NX;
-+ }
-
- /*
-- * NX is emulated; LMA and LME handled by hardware; SCE meaningless
-- * outside long mode
-+ * LMA and LME handled by hardware; SCE meaningless outside long mode.
- */
-- ignore_bits = EFER_NX | EFER_SCE;
-+ ignore_bits |= EFER_SCE;
- #ifdef CONFIG_X86_64
- ignore_bits |= EFER_LMA | EFER_LME;
- /* SCE is meaningful only in long mode on Intel */
- if (guest_efer & EFER_LMA)
- ignore_bits &= ~(u64)EFER_SCE;
- #endif
-- guest_efer &= ~ignore_bits;
-- guest_efer |= host_efer & ignore_bits;
-- vmx->guest_msrs[efer_offset].data = guest_efer;
-- vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
-
- clear_atomic_switch_msr(vmx, MSR_EFER);
-
-@@ -1815,16 +1824,21 @@ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset)
- */
- if (cpu_has_load_ia32_efer ||
- (enable_ept && ((vmx->vcpu.arch.efer ^ host_efer) & EFER_NX))) {
-- guest_efer = vmx->vcpu.arch.efer;
- if (!(guest_efer & EFER_LMA))
- guest_efer &= ~EFER_LME;
- if (guest_efer != host_efer)
- add_atomic_switch_msr(vmx, MSR_EFER,
- guest_efer, host_efer);
- return false;
-+ } else {
-+ guest_efer &= ~ignore_bits;
-+ guest_efer |= host_efer & ignore_bits;
-+
-+ vmx->guest_msrs[efer_offset].data = guest_efer;
-+ vmx->guest_msrs[efer_offset].mask = ~ignore_bits;
-+
-+ return true;
- }
--
-- return true;
- }
-
- static unsigned long segment_base(u16 selector)
-@@ -2061,6 +2075,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -2078,6 +2082,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
@@ -29806,7 +29706,7 @@ index 5fd846c..405597f 100644
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
-@@ -2378,7 +2396,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
+@@ -2395,7 +2403,7 @@ static void setup_msrs(struct vcpu_vmx *vmx)
* guest_tsc = (host_tsc * tsc multiplier) >> 48 + tsc_offset
* -- Intel TSC Scaling for Virtualization White Paper, sec 1.3
*/
@@ -29815,7 +29715,7 @@ index 5fd846c..405597f 100644
{
u64 host_tsc, tsc_offset;
-@@ -4609,7 +4627,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4626,7 +4634,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
unsigned long cr4;
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
@@ -29826,7 +29726,7 @@ index 5fd846c..405597f 100644
/* Save the most likely value for this task's CR4 in the VMCS. */
cr4 = cr4_read_shadow();
-@@ -4636,7 +4657,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
+@@ -4653,7 +4664,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
vmx->host_idt_base = dt.address;
@@ -29835,7 +29735,7 @@ index 5fd846c..405597f 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6186,11 +6207,17 @@ static __init int hardware_setup(void)
+@@ -6203,11 +6214,17 @@ static __init int hardware_setup(void)
* page upon invalidation. No need to do anything if not
* using the APIC_ACCESS_ADDR VMCS field.
*/
@@ -29855,7 +29755,7 @@ index 5fd846c..405597f 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -6207,6 +6234,7 @@ static __init int hardware_setup(void)
+@@ -6224,6 +6241,7 @@ static __init int hardware_setup(void)
kvm_tsc_scaling_ratio_frac_bits = 48;
}
@@ -29863,7 +29763,7 @@ index 5fd846c..405597f 100644
if (enable_apicv)
kvm_x86_ops->update_cr8_intercept = NULL;
else {
-@@ -6215,6 +6243,7 @@ static __init int hardware_setup(void)
+@@ -6232,6 +6250,7 @@ static __init int hardware_setup(void)
kvm_x86_ops->deliver_posted_interrupt = NULL;
kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy;
}
@@ -29871,7 +29771,7 @@ index 5fd846c..405597f 100644
vmx_disable_intercept_for_msr(MSR_FS_BASE, false);
vmx_disable_intercept_for_msr(MSR_GS_BASE, false);
-@@ -6269,10 +6298,12 @@ static __init int hardware_setup(void)
+@@ -6286,10 +6305,12 @@ static __init int hardware_setup(void)
enable_pml = 0;
if (!enable_pml) {
@@ -29884,7 +29784,7 @@ index 5fd846c..405597f 100644
}
kvm_set_posted_intr_wakeup_handler(wakeup_handler);
-@@ -8584,6 +8615,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8601,6 +8622,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -29897,7 +29797,7 @@ index 5fd846c..405597f 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -8636,6 +8673,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8653,6 +8680,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -29909,7 +29809,7 @@ index 5fd846c..405597f 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -8649,7 +8691,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8666,7 +8698,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -29918,7 +29818,7 @@ index 5fd846c..405597f 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -8658,8 +8700,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -8675,8 +8707,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -29939,7 +29839,7 @@ index 5fd846c..405597f 100644
#endif
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
-@@ -10741,7 +10793,7 @@ out:
+@@ -10758,7 +10800,7 @@ out:
return ret;
}
@@ -34577,7 +34477,7 @@ index c3b3f65..5bfe5dc 100644
unsigned long uninitialized_var(pfn_align);
int i, nid;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index db20ee9..a2bb098 100644
+index b599a78..4ac899d 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -259,7 +259,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
@@ -34624,7 +34524,7 @@ index db20ee9..a2bb098 100644
prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
return prot;
-@@ -445,23 +454,37 @@ EXPORT_SYMBOL_GPL(slow_virt_to_phys);
+@@ -451,23 +460,37 @@ EXPORT_SYMBOL_GPL(slow_virt_to_phys);
static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
{
/* change init_mm */
@@ -34664,7 +34564,7 @@ index db20ee9..a2bb098 100644
}
static int
-@@ -698,6 +721,10 @@ __split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address,
+@@ -704,6 +727,10 @@ __split_large_page(struct cpa_data *cpa, pte_t *kpte, unsigned long address,
return 0;
}
@@ -34675,7 +34575,7 @@ index db20ee9..a2bb098 100644
static int split_large_page(struct cpa_data *cpa, pte_t *kpte,
unsigned long address)
{
-@@ -1141,6 +1168,9 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
+@@ -1147,6 +1174,9 @@ static int __cpa_process_fault(struct cpa_data *cpa, unsigned long vaddr,
}
}
@@ -34685,7 +34585,7 @@ index db20ee9..a2bb098 100644
static int __change_page_attr(struct cpa_data *cpa, int primary)
{
unsigned long address;
-@@ -1199,7 +1229,9 @@ repeat:
+@@ -1205,7 +1235,9 @@ repeat:
* Do we really change anything ?
*/
if (pte_val(old_pte) != pte_val(new_pte)) {
@@ -44054,7 +43954,7 @@ index b928c17..e5d9400 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index d690df5..4aaaead 100644
+index c566993..0bf8fae 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -1253,7 +1253,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
@@ -54128,7 +54028,7 @@ index 29ae58e..305baa0 100644
case WLAN_CIPHER_SUITE_TKIP:
iwl_mvm_tkip_sc_to_seq(&sc->tkip.tsc, &seq);
diff --git a/drivers/net/wireless/iwlwifi/mvm/tx.c b/drivers/net/wireless/iwlwifi/mvm/tx.c
-index c652a66..1f75da8 100644
+index 6743edf..22a86c5 100644
--- a/drivers/net/wireless/iwlwifi/mvm/tx.c
+++ b/drivers/net/wireless/iwlwifi/mvm/tx.c
@@ -284,7 +284,7 @@ static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm,
@@ -84903,10 +84803,10 @@ index eff6319..d8a12987 100644
if (res < 0) {
free_page((unsigned long) buf);
diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
-index b29036a..dcce79c 100644
+index 05ac9a9..c60faca 100644
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
-@@ -356,6 +356,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
+@@ -358,6 +358,9 @@ struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
if (d_is_dir(dentry))
return d_backing_inode(dentry);
@@ -84917,10 +84817,10 @@ index b29036a..dcce79c 100644
if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
err = ovl_want_write(dentry);
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
-index f42c940..e5ae48a 100644
+index 000b2ed..0be081d 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
-@@ -173,7 +173,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
+@@ -175,7 +175,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path)
{
struct ovl_entry *oe = dentry->d_fsdata;
@@ -84929,7 +84829,7 @@ index f42c940..e5ae48a 100644
}
int ovl_want_write(struct dentry *dentry)
-@@ -881,8 +881,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
+@@ -884,8 +884,8 @@ static unsigned int ovl_split_lowerdirs(char *str)
static int ovl_fill_super(struct super_block *sb, void *data, int silent)
{
@@ -87858,10 +87758,10 @@ index 8d974c4..b82f6ec 100644
{
if (UFS_SB(sbp)->s_bytesex == BYTESEX_LE)
diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
-index 5031170..472208c 100644
+index 66cdb44..2eb05e1 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
-@@ -426,7 +426,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file)
+@@ -432,7 +432,7 @@ static int userfaultfd_release(struct inode *inode, struct file *file)
struct userfaultfd_wake_range range = { .len = 0, };
unsigned long new_flags;
@@ -100351,22 +100251,6 @@ index 576e463..28fd926 100644
extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
-diff --git a/include/linux/bio.h b/include/linux/bio.h
-index 79cfaee..fbe47bc 100644
---- a/include/linux/bio.h
-+++ b/include/linux/bio.h
-@@ -320,11 +320,6 @@ static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv)
- struct bvec_iter iter = bio->bi_iter;
- int idx;
-
-- if (!bio_flagged(bio, BIO_CLONED)) {
-- *bv = bio->bi_io_vec[bio->bi_vcnt - 1];
-- return;
-- }
--
- if (unlikely(!bio_multiple_segments(bio))) {
- *bv = bio_iovec(bio);
- return;
diff --git a/include/linux/bitmap.h b/include/linux/bitmap.h
index 9653fdb..b3d3a17 100644
--- a/include/linux/bitmap.h
@@ -126560,6 +126444,19 @@ index 9da3287..87089a6 100644
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
kfree_skb(skb);
+diff --git a/net/ipv6/xfrm6_mode_transport.c b/net/ipv6/xfrm6_mode_transport.c
+index 4e34410..232827a 100644
+--- a/net/ipv6/xfrm6_mode_transport.c
++++ b/net/ipv6/xfrm6_mode_transport.c
+@@ -19,7 +19,7 @@
+ * The IP header and mutable extension headers will be moved forward to make
+ * space for the encapsulation header.
+ */
+-static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
++static int __intentional_overflow(0) xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
+ {
+ struct ipv6hdr *iph;
+ u8 *prevhdr;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index c074771..45ded9b 100644
--- a/net/ipv6/xfrm6_policy.c
@@ -126940,7 +126837,7 @@ index 7961e7d..eea148f 100644
(u8)(pn >> 40), (u8)(pn >> 32), (u8)(pn >> 24),
(u8)(pn >> 16), (u8)(pn >> 8), (u8)pn);
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 5322b4c..ed9ecbe 100644
+index 6837a46..f8aaf7d 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -30,6 +30,7 @@
@@ -130211,10 +130108,10 @@ index dc9c792..3089de0 100644
+ .process_negotiate = vmci_transport_notify_pkt_process_negotiate,
};
diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
-index c8717c1..08539f5 100644
+index b50ee5d..ccf70ab 100644
--- a/net/wireless/wext-core.c
+++ b/net/wireless/wext-core.c
-@@ -748,8 +748,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
+@@ -778,8 +778,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
*/
/* Support for very large requests */
@@ -130224,7 +130121,7 @@ index c8717c1..08539f5 100644
/* Allow userspace to GET more than max so
* we can support any size GET requests.
* There is still a limit : -ENOMEM.
-@@ -788,22 +787,6 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
+@@ -818,22 +817,6 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd,
}
}
@@ -180450,7 +180347,7 @@ index 0a578fe..b81f62d 100644
})
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 484079e..70365d0 100644
+index 7338e30..5adab9c 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -90,12 +90,17 @@ LIST_HEAD(vm_list);
@@ -180502,7 +180399,7 @@ index 484079e..70365d0 100644
}
EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
-@@ -2233,7 +2246,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -2236,7 +2249,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
return 0;
}
@@ -180511,7 +180408,7 @@ index 484079e..70365d0 100644
.release = kvm_vcpu_release,
.unlocked_ioctl = kvm_vcpu_ioctl,
#ifdef CONFIG_KVM_COMPAT
-@@ -2949,7 +2962,7 @@ out:
+@@ -2952,7 +2965,7 @@ out:
}
#endif
@@ -180520,7 +180417,7 @@ index 484079e..70365d0 100644
.release = kvm_vm_release,
.unlocked_ioctl = kvm_vm_ioctl,
#ifdef CONFIG_KVM_COMPAT
-@@ -3020,7 +3033,7 @@ out:
+@@ -3023,7 +3036,7 @@ out:
return r;
}
@@ -180529,7 +180426,7 @@ index 484079e..70365d0 100644
.unlocked_ioctl = kvm_dev_ioctl,
.compat_ioctl = kvm_dev_ioctl,
.llseek = noop_llseek,
-@@ -3046,7 +3059,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -3049,7 +3062,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -180538,7 +180435,7 @@ index 484079e..70365d0 100644
pr_info("kvm: enabling virtualization on CPU%d failed\n", cpu);
}
}
-@@ -3101,10 +3114,10 @@ static int hardware_enable_all(void)
+@@ -3104,10 +3117,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
@@ -180551,7 +180448,7 @@ index 484079e..70365d0 100644
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -3568,7 +3581,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3571,7 +3584,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
@@ -180560,7 +180457,7 @@ index 484079e..70365d0 100644
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -3578,9 +3591,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3581,9 +3594,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
@@ -180572,7 +180469,7 @@ index 484079e..70365d0 100644
r = misc_register(&kvm_dev);
if (r) {
-@@ -3590,9 +3605,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3593,9 +3608,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
register_syscore_ops(&kvm_syscore_ops);
diff --git a/4.4.5/4425_grsec_remove_EI_PAX.patch b/4.4.6/4425_grsec_remove_EI_PAX.patch
index 2a1aa6c..2a1aa6c 100644
--- a/4.4.5/4425_grsec_remove_EI_PAX.patch
+++ b/4.4.6/4425_grsec_remove_EI_PAX.patch
diff --git a/4.4.5/4427_force_XATTR_PAX_tmpfs.patch b/4.4.6/4427_force_XATTR_PAX_tmpfs.patch
index f6aea64..f6aea64 100644
--- a/4.4.5/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.4.6/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.4.5/4430_grsec-remove-localversion-grsec.patch b/4.4.6/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.4.5/4430_grsec-remove-localversion-grsec.patch
+++ b/4.4.6/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.4.5/4435_grsec-mute-warnings.patch b/4.4.6/4435_grsec-mute-warnings.patch
index b7564e4..b7564e4 100644
--- a/4.4.5/4435_grsec-mute-warnings.patch
+++ b/4.4.6/4435_grsec-mute-warnings.patch
diff --git a/4.4.5/4440_grsec-remove-protected-paths.patch b/4.4.6/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.4.5/4440_grsec-remove-protected-paths.patch
+++ b/4.4.6/4440_grsec-remove-protected-paths.patch
diff --git a/4.4.5/4450_grsec-kconfig-default-gids.patch b/4.4.6/4450_grsec-kconfig-default-gids.patch
index 77f9706..79a866b 100644
--- a/4.4.5/4450_grsec-kconfig-default-gids.patch
+++ b/4.4.6/4450_grsec-kconfig-default-gids.patch
@@ -16,7 +16,7 @@ from shooting themselves in the foot.
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400
+++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400
-@@ -697,7 +697,7 @@
+@@ -699,7 +699,7 @@
config GRKERNSEC_AUDIT_GID
int "GID for auditing"
depends on GRKERNSEC_AUDIT_GROUP
@@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
config GRKERNSEC_EXECLOG
bool "Exec logging"
-@@ -946,7 +946,7 @@
+@@ -948,7 +948,7 @@
config GRKERNSEC_TPE_UNTRUSTED_GID
int "GID for TPE-untrusted users"
depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*enabled* for. If the sysctl option is enabled, a sysctl option
-@@ -955,7 +955,7 @@
+@@ -957,7 +957,7 @@
config GRKERNSEC_TPE_TRUSTED_GID
int "GID for TPE-trusted users"
depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -1040,7 +1040,7 @@
+@@ -1042,7 +1042,7 @@
config GRKERNSEC_SOCKET_ALL_GID
int "GID to deny all sockets for"
depends on GRKERNSEC_SOCKET_ALL
@@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable socket access for. Remember to
add the users you want socket access disabled for to the GID
-@@ -1061,7 +1061,7 @@
+@@ -1063,7 +1063,7 @@
config GRKERNSEC_SOCKET_CLIENT_GID
int "GID to deny client sockets for"
depends on GRKERNSEC_SOCKET_CLIENT
@@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
help
Here you can choose the GID to disable client socket access for.
Remember to add the users you want client socket access disabled for to
-@@ -1079,7 +1079,7 @@
+@@ -1081,7 +1081,7 @@
config GRKERNSEC_SOCKET_SERVER_GID
int "GID to deny server sockets for"
depends on GRKERNSEC_SOCKET_SERVER
diff --git a/4.4.5/4465_selinux-avc_audit-log-curr_ip.patch b/4.4.6/4465_selinux-avc_audit-log-curr_ip.patch
index f1c4923..7248385 100644
--- a/4.4.5/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.4.6/4465_selinux-avc_audit-log-curr_ip.patch
@@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
--- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
+++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
-@@ -1174,6 +1174,27 @@
+@@ -1176,6 +1176,27 @@
menu "Logging Options"
depends on GRKERNSEC
diff --git a/4.4.5/4470_disable-compat_vdso.patch b/4.4.6/4470_disable-compat_vdso.patch
index 281aad9..281aad9 100644
--- a/4.4.5/4470_disable-compat_vdso.patch
+++ b/4.4.6/4470_disable-compat_vdso.patch
diff --git a/4.4.5/4475_emutramp_default_on.patch b/4.4.6/4475_emutramp_default_on.patch
index afd6019..afd6019 100644
--- a/4.4.5/4475_emutramp_default_on.patch
+++ b/4.4.6/4475_emutramp_default_on.patch